Case ID #: 288-HQ-0-Assess (U) 288 Victim Leads Assessment file 


Synopsis: (U) On 8/3/2016, Washington Field Office, Squad CY-5, received 
a referral from the Hillary For America (HFA) campaign. The campaign 
received an email threat from lizardsquad@lizardsquad.org indicating 
that the HFA would be hit with a DDOS attack on 8/8/2016 unless the 
campaign paid 22 bitcoin to a specific bitcoin address. The threat was 
received by the campaign on 8/1/2016 at 9:02 P.M. 


(U) The bitcoin address provided by the threat actor 
Jead9Cx7iDCUZSxFAVAATCBGXqZLONEKB was checked and revealed that it was 
an active bitcoin address but had no transactions or deposited bitcoin 
in it. 


(U) On 8/9/2016, at 11:47 p.m., FBI received an email from Hillary For 
America (HFA) campaign attorney Michael Sussmann. In the email, 
Sussmann wrote, "Rodney, Thank you for your message today. Thankfully 
there was no DDoS. We appreciate your attention and assistance. 
Regards, Michael" 
CYBER GUARDIAN IS THE PROPERTY OF THE NCIJTF. INFORMATION FROM CYBER GUARDIAN 
IS PROVIDED TO YOUR AGENCY FOR INTELLIGENCE AND LEAD PURPOSES ONLY. THE USE 
OF THE INFORMATION IN CYBER GUARDIAN IS RESTRICTED BY FEDERAL GOVERNMENT 
POLICY. THIS INFORMATION MAY ONLY BE USED IN WRITTEN PRODUCTS OR BRIEFINGS 
WITH THE ADVANCE AUTHORIZATION OF THE ORIGINATING AGENCY. ANY RECIPIENT 
INTERESTED IN USING THIS INFORMATION, OR ANY INFORMATION DERIVED THEREFROM, 
MUST FIRST CONTACT THE NCIJTF AT 855-292-3937 OR CYBER-GUARDIAN@FEBI.SGOV.GOV 
TO OBTAIN THE NECESSARY APPROVAL FROM THE ORIGINATING AGENCY. 


Generated: 09/22/2016 9:59 AM EDT 


Incident Summary 


330750_CYVWANTREIBUO) Cyber Related Targeted Entity - Hillary for America Campaign 


(U) On 8/3/2016, Washington Field Office, Squad CY-5, received a referral from the 
Hillary For America (HFA) campaign. The campaign received an email threat from 
lizardsquad@lizardsquad.org indicating that the HFA would be hit with a DDOS attack on 
8/8/2016 unless the campaign paid 22 bitcoin to a specific bitcoin address. The threat was 
received by the campaign on 8/1/2016 at 9:02 P.M. 


(U) The bitcoin address provided by the threat actor 
7ead9Cx7iDCJZ5xFAyAATCBgXqZL9N EKB was checked and revealed that it was an active 
bitcoin address but had no transactions or deposited bitcoin in it. 


(U) On 8/9/2016, at 11:47 p.m., FBI received an email from Hillary For America (HFA) 
campaign attorney Michael Sussmann. In the email, Sussmann wrote, "Rodney, Thank you 
for your message today. Thankfully there was no DDoS. We appreciate your attention and 
assistance. Regards, Michael" 


Cyber Assessment 
Status: Closed 
Information Only 
Incident Type: Cyber Incident - Criminal 
Activity Type: Distributed Denial of Service 
Reporting Agency: FBI 
Receipt Method: Other 
Reporting Agency Ref: 288A-WF-2067111 Serial 1 
Assigned Office: CYWATCH 
Incident Creator: null eGuardian 
Incident Owner: ERIC LU 
Incident Due Date: 10/22/2016 09:59:34 AM 
Cyber Threat Prioritization 
National Threat Priority: Does not address one of the national threat priorities 
Priority Level: Level 1: Low (Green) 
Actor Types: UNATTRIBUTED - Actor 
Threat Types: Type 3: Hacktivists 


Cyber Targeted Entities 


(U) 3063748 VNE Created on 09/21/2016 02:33:59 PM 


(U) Notified by Self-Report 08/03/2016 
https://sentinel.fbinet.fbi/lavender/#/EntityProfile/18 1570433 


Organization 

(U) Hillary for America Campaign 
Type: Organization 
Sector: None 
Addresses: (U) One Pierrepont Plaza, Brooklyn, New York City, New York, United States 

Details 
Reporting Agency: FBI 
Public Data Exposed?: Unknown 
Encrypted Data?: Unknown 


Reporting Agency Reference: 288A-WF-2067111 Serial 1 


Attachments 


(U) Indexing of Hillary for America as a victim entity in Sentinel. (281.7 KB) 


(U) Sentinel Import Details 
Description: The following information could not be imported. 


Threat Actor : CYBER THREAT ACTOR - OTHER 


Status: Completed 
History: 
09/21/2016 02:34:08 PM Created Note: Sentinel Import Details null eGuardian (HQ - Counterterrorism /OS/FTTTE/GATEWAY) 


(U//FOUO) Disposition 


Assessment Subfile Number: 288-HQ-0-ASSESS 

Note: Notified by Self Report 

Disposition: Incident Closed - Notification Completed - No further action needed 


It is noted that the individual or group identified during the Assessment does not warrant further FBI investigation 
at this time. Any dissemination of information from this Assessment regarding the individual or group identified 
must include an appropriate caveat with the shared information. It is recommended that this Assessment be closed. 


Workflow 
09/21/2016 02:33:57 PM Imported Incident from SENTINEL_DOCUMENT 


09/21/2016 02:33:58 PM Submitted Imported Incident 


09/22/2016 09:59:35 AM Approved as Information Only 